[Pkg-shadow-devel] Bug#660406: userdel segfault only seems to happen with locale != C
Martin Steigerwald
ms at teamix.de
Tue Mar 6 10:55:14 UTC 2012
Hi!
This only happens with locale != C here. With LANG=C it works:
mango:~# LANG=C userdel lokaltest
mango:~#
(Debian Wheezy, Debian Kernel 3.2.6)
With
mango:~# locale | head -1
LANG=de_DE.UTF-8
it gives:
mango:~# useradd -m --home /home_lokal/lokaltest lokaltest
mango:~# gdb userdel
GNU gdb (GDB) 7.4-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/userdel...(no debugging symbols found)...done.
(gdb) run lokaltest
Starting program: /usr/sbin/userdel lokaltest
Program received signal SIGSEGV, Segmentation fault.
0xb7e48aa6 in _IO_vfprintf_internal (s=0x800220b8, format=0x8000c2a0 "removed
shadow group '%s' owned by '%s'\n",
ap=0xbffff79c "F-8.\265\371\377\277\300\275") at vfprintf.c:1620
1620 vfprintf.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt full
#0 0xb7e48aa6 in _IO_vfprintf_internal (s=0x800220b8, format=0x8000c2a0
"removed shadow group '%s' owned by '%s'\n",
ap=0xbffff79c "F-8.\265\371\377\277\300\275") at vfprintf.c:1620
len = <optimized out>
string_malloced = <optimized out>
step0_jumps = {0, -13616, -13287, -13209, -13126, -13052, -12956,
-12732, -12440, -12070, -11841, -11662, -11347, -3139,
-3569, -3508, -3169, -3154, -9641, -2350, -2615, -11259, -1968,
-3038, -1747, -1686, -2958, -3282, -11347, -12808}
space = 0
is_short = 0
use_outdigits = 0
step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -12070, -11841, -11662,
-11347, -3139, -3569, -3508, -3169, -3154, -9641, -2350,
-2615, -11259, -1968, -3038, -1747, -1686, -2958, -3282, -11347, 0}
group = 0
prec = -1
step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -11841, -11662, -11347,
-3139, -3569, -3508, -3169, -3154, -9641, -2350, -2615,
-11259, -1968, -3038, -1747, -1686, -2958, -3282, -11347, 0}
string = 0x2e382d46 <Address 0x2e382d46 out of bounds>
left = 0
is_long_double = 0
width = <optimized out>
step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -11748, 0, 0, 0, -3569,
-3508, -3169, -3154, -9641, 0, 0, 0, 0, -3038, 0, 0, 0,
0, 0, 0}
alt = 0
showsign = 0
is_long = 0
is_char = 0
pad = <optimized out>
step3b_jumps = {0 <repeats 11 times>, -11347, 0, 0, -3569, -3508,
-3169, -3154, -9641, -2350, -2615, -11259, -1968, -3038,
-1747, -1686, -2958, 0, 0, 0}
step4_jumps = {0 <repeats 14 times>, -3569, -3508, -3169, -3154,
-9641, -2350, -2615, -11259, -1968, -3038, -1747, -1686,
-2958, 0, 0, 0}
is_negative = -1073743972
base = 0
the_arg = {pa_wchar = -1208751361 L'\xb7f3eaff', pa_int = -1208751361,
pa_long_int = -1208751361,
pa_long_long_int = -5191521323449062657, pa_u_int = 3086215935,
pa_u_long_int = 3086215935,
pa_u_long_long_int = 13255222750260488959, pa_double =
-3.675473361121283e-39,
pa_long_double = -6.0003923170815641264831680367402585e+3308,
pa_string = 0xb7f3eaff "",
pa_wstring = 0xb7f3eaff
L"\x25000200\x62252061\x20652520\x253a4825\x53253a4d\x205a2520\x6c005925\x636269\x49534f50\x4e410058\x585f4953\x2d342e33\x38363931\x795b5e00\x5e005d59\x5d4e6e5b\x25007f00\x25742570\x25742567\x2574256d\x252b0066\x61252063\x6c2520\x2f4f5349\x20434549\x35363431\x31692032\x46206e38\x2d434344\x746573\x646c654b\x6d695320\x65736e6f\x656b006e\x6440646c\x6775756b\x6b642e\x2035342b\x32323133\x3435362d\x342b0033\x33332035\x362d3532\x333435\x4f5349\x302e31\x37393931\x2d32312d\x55003032\x7078656e\x65746365\x72652064\x2e726f72\x554f000a\x54555054\x4148435f\x54455352\x61686300\x74657372\x414c003d\x4155474e\x6d004547\x61737365\x736567\x7273752f\x6168732f\x6c2f6572\x6c61636f\x6c6c0065\x6c6c0064\x6c6c0069\x6c6c006f\x6c6c0075\x6c6c0078\x6c700058\x6c617275\x706e003d\x6172756c\x3d736c\x50534c4e\x485441\x5f617863\x78657461\x632e7469\x21206c00\x2828203d\x64696f76\x30292a20\x5f5f0029\x5f77656e\x74697865\x69006e66\x6900666e\x7974696e\x6e616e00\x632d00\x6e69622f\x68732f\x74697865\x63003020\x6e6f6e61\x6c616369\x2e657a69\x5f5f0063\x6c616572\x68746170\x47534d00\x42524556\x56455300\x56454c5f\x20004c45\x4f540020\x58494620\x2500203a\x25732573\x25732573\x25732573\x25732573\xa732573\x464e4900\x4157004f\x4e494e52\x52450047\x524f52\x544c4148\x5f6f7400\x7074756f\x74636e75\x70667600\x746e6972\x632e66\x6d262828\x61747362\x2d296574\x635f5f3e\x746e756f\x203d3d20\x73002930\x665f3e2d\x7367616c\x20262032\x6e280034\x296c69\x6c756e28\x5f00296c\x765f4f49\x69727066\x5f66746e\x65746e69\x6c616e72\x464e4900\x4e414e00\x705f5f00\x746e6972\x70665f66\x786568\x695f6f74\x6e75706e\x76007463\x61637366\x632e666e\x4f495f00\x7366765f\x666e6163\x746e695f\x616e7265\x2b77006c\x25732500\x6b6e5573\x6e776f6e\x67697320\x206c616e\xa6425\x6e6b6e55\x206e776f\x6e676973\x74006c---
Type <return> to continue, or q <return> to quit---
61\x66706d\x622b77\x732f2e2e\x65647379\x702f7370\x7869736f\x6d65742f\x6d616e70\x632e65\x44504d54\x2f005249\x706d74\x732a2e25\x2a2e252f\x58585873\x585858\x65675f5f\x65745f6e\x616e706d\x2500656d\x73732573\x616e6769\x6425206c"...,
pa_pointer = 0xb7f3eaff,
pa_user = 0xb7f3eaff}
spec = <optimized out>
_buffer = {__routine = 0x1, __arg = 0x2, __canceltype = 32, __prev =
0x401}
_avail = 0
thousands_sep = 0x0
grouping = 0xffffffff <Address 0xffffffff out of bounds>
f = <optimized out>
lead_str_end = 0x8000c2b6 "%s' owned by '%s'\n"
work_buffer =
"\000\000\000\000\000\000\000\000\a\000\000\000\217\v\364\267<\017\377\267\002\000\000\000\224\370\377\277\240\370\377\277
\211\377\267i\310\377\267\b\373\001\200\002\000\000\000\000\000\000\000\034\332\373\267\234\362\377\277\006\340\373\267\364\357\377\267\374\377\377\377\b\373\001\200\304\362\377\277Y\020\377\267\224\370\377\277\240\370\377\277",
'\000' <repeats 13 times>,
"p\366\267\000\000\000\000\006\000\000\000\070\341\373\267\224\370\377\277\002",
'\000' <repeats 11 times>,
"\002\000\000\000\355\017\377\267\364\357\377\267\b\373\001\200\003\000\000\000d\363\377\277\017P\377\267\000\000\000\000\300\374\001\200\001\000\000\000\000\000\000\000l\364\377\277\b\373\001\200d\363\377\277\241N\377\267l\364\377\277l\364\377\277\000\000\000\000\003\000\000\000\234\363\377\277\017P\377\267\000\000\000\000\250\370\001\200\001\000\000\000\000\000\000\000\244\364\377\277\b\373\001\200\234\363\377\277\360\366\001\200\354\362\377\277\244\364\377\277\001\000\000\000\001\000\000\200L\327\373\267\300\363\377\277t\363\377\277T\273\376\267T\335\373\267\060\366\377\277\a\000\000\000\000\360\375\267\000\020\000\000\364\357\377\267\000\000\000\000\260L\377\267D\364\377\277\364\357\377\267\250\324\373\267\000\000\000\000\364\363\377\277\245\301\376\267\233\364\377\277\220\364\377\277\224\364\377\277`\370\377\267(\375\363\267\364\357\377\267\000\000\000\000\\\325\373\267x\273\377\267\300\363\377\277\260L\377\267N\246\347\267L\327\373\267\310\375\001\200\061\037p]\003\000\000\000\003\000\000\000L\327\373\267\001\000\000\000\002\000\000\000\034\330\373\267\002\000\000\000\266\224\347\267\002\000\000\000"...
workstart = 0x0
workend = 0xbffff610
"\345\352\363\267\364\366\377\277\317\366\377\062\063\061\060\063\345\352\363\267\001"
ap_save = 0xbffff79c "F-8.\265\371\377\277\300\275"
nspecs_done = 0
save_errno = 0
readonly_format = 0
jump_table =
"\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r"
__PRETTY_FUNCTION__ = "_IO_vfprintf_internal"
#1 0xb7eed93d in ___vfprintf_chk (fp=0x800220b8, flag=1, format=0x8000c2a0
"removed shadow group '%s' owned by '%s'\n",
ap=0xbffff79c "F-8.\265\371\377\277\300\275") at vfprintf_chk.c:35
done = <optimized out>
#2 0xb7ed5fce in *__GI___vsyslog_chk (pri=6, flag=1, fmt=0x8000c2a0 "removed
shadow group '%s' owned by '%s'\n",
ap=0xbffff79c "F-8.\265\371\377\277\300\275") at ../misc/syslog.c:224
now_tm = {tm_sec = 38, tm_min = 46, tm_hour = 11, tm_mday = 6, tm_mon
= 2, tm_year = 112, tm_wday = 2, tm_yday = 65,
tm_isdst = 0, tm_gmtoff = 3600, tm_zone = 0x800141c0 "CET"}
now = 1331030798
fd = <optimized out>
f = <optimized out>
buf = 0x0
bufsize = 0
msgoff = <optimized out>
saved_errno = 0
failbuf = "\267\020\000\000\000
\"\366\267`\"\366\267\240\"\366\267\000#\366\267@#\366\267\200", <incomplete
sequence \366\267>
clarg = {buf = 0xb7f4025a, oldaction = 0xb7f4025a}
---Type <return> to continue, or q <return> to quit---
#3 0xb7ed6416 in __syslog_chk (pri=6, flag=1, fmt=0x8000c2a0 "removed shadow
group '%s' owned by '%s'\n") at ../misc/syslog.c:131
No locals.
#4 0x80003a5e in main ()
No symbol table info available.
(gdb)
(gdb) quit
A debugging session is active.
Inferior 1 [process 23103] will be killed.
Quit anyway? (y or n) n
Not confirmed.
(gdb) next
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) quit
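I didn't find a dbg package and am not sure how to obtain vfprintf.c in the
right location for GDB.
One observation from the trace: the pointer vfprintf tried to print for the
first '%s' (string = 0x2e382d46 in frame #0) is the ASCII bytes "F-8." read as
a little-endian pointer, the same bytes shown at the start of ap. That looks
like a fragment of a UTF-8 locale string rather than a valid address, which may
be why the crash does not show up with LANG=C.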
Thanks,
--
Martin Steigerwald - teamix GmbH - http://www.teamix.de
gpg: 19E3 8D42 896F D004 08AC A0CA 1E10 C593 0399 AE90